
This project forked from yikez978/sourcecodesniffer


The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

License: BSD 3-Clause "New" or "Revised" License


SourceCodeSniffer

The Source Code Sniffer is a poor man's static code analysis tool (SCA) based on regular expressions. It uses search patterns to score common high risk functions (Injection, LFI/RFI, file uploads etc.) across multiple application development languages (C#, C/C++, Java, PHP, Perl, Python, JavaScript, HTML etc.) in a highly configurable manner. When performing a source code review, it can help to prioritize the code files that should be reviewed first.

Source Code Sniffer is written in Python 2.7 and supports both Windows and Linux.
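The scoring idea described above, as an added example that is not the project's own code: a small rule table of "dangerous sink" regexes per file extension, a per-file score, and the two rankings the tool prints (by risk level and by issue count). The in-memory rule format, the weights, and the rule that a file's risk is the highest weight among its matched categories are all assumptions; the real tool reads its patterns from .ini files whose layout is not shown here. The sample files are constructed.

```python
"""
Minimal regex-driven risk scorer in the spirit of SourceCodeSniffer.
Added example, not the project's own code: the in-memory rule table and the
scoring (file risk = highest weight among matched categories, issues = number
of matches) are assumptions; the real tool loads its patterns from .ini files
whose layout the page does not show.
"""
import os
import re
from typing import Dict, List, Tuple

# Hypothetical rule set, keyed by file extension: (category, weight, regex).
# These are plain "dangerous sink" matches; they flag candidates for manual
# review and say nothing about whether the argument is attacker-controlled.
RULES: Dict[str, List[Tuple[str, int, str]]] = {
    ".php": [
        ("SQL Injection", 3, r"\bmysql_query\s*\("),
        ("LFI/RFI", 3, r"\b(?:include|require)(?:_once)?\s*\(?\s*\$"),
        ("Command Injection", 3, r"\b(?:system|exec|shell_exec|passthru)\s*\("),
        ("XSS", 2, r"\becho\s+\$_(?:GET|POST|REQUEST)\b"),
    ],
    ".c": [
        ("Buffer Overflow", 3, r"\b(?:strcpy|strcat|gets|sprintf)\s*\("),
        ("Command Injection", 3, r"\bsystem\s*\("),
    ],
}
COMPILED = {ext: [(cat, w, re.compile(p)) for cat, w, p in rules]
            for ext, rules in RULES.items()}

# Crude comment filter: a regex tool cannot parse the language, so it either
# skips obvious comment lines (fewer false positives, but code after a
# trailing comment on the same line is missed) or reports them (more noise).
# This example skips them, per language, so "#" stays live for C directives.
COMMENT_PREFIXES = {
    ".php": ("//", "#", "/*", "*"),
    ".c": ("//", "/*", "*"),
}


def sniff_text(text: str, ext: str) -> Tuple[int, int, List[Tuple[int, str, str]]]:
    """Score one file's contents. Returns (risk, issue_count, findings)."""
    findings = []  # (line number, category, matched text)
    risk = 0
    prefixes = COMMENT_PREFIXES.get(ext, ())
    for line_no, line in enumerate(text.splitlines(), 1):
        if prefixes and line.lstrip().startswith(prefixes):
            continue
        for cat, weight, rx in COMPILED.get(ext, []):
            for m in rx.finditer(line):
                findings.append((line_no, cat, m.group(0)))
                risk = max(risk, weight)
    return risk, len(findings), findings


def rank_files(files: Dict[str, str]) -> List[Tuple[str, int, int]]:
    """Rank {path: contents} by risk level, then by issue count, like the
    tool's 'Files sorted by potential risk level' listing."""
    rows = []
    for path, text in files.items():
        ext = os.path.splitext(path)[1].lower()
        risk, issues, _ = sniff_text(text, ext)
        rows.append((path, risk, issues))
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


# Constructed sample corpus standing in for a scanned directory.
SAMPLE_FILES = {
    "app/login.php": (
        "<?php\n"
        "// legacy: mysql_query() call below still needs a rewrite\n"
        "$id = $_GET['id'];\n"
        "$res = mysql_query(\"SELECT * FROM users WHERE id=\" . $id);\n"
        "echo $_GET['name'];\n"
    ),
    "src/util.c": (
        "#include <string.h>\n"
        "void copy(char *dst, const char *src) { strcpy(dst, src); }\n"
    ),
    "src/safe.c": "int add(int a, int b) { return a + b; }\n",
}

if __name__ == "__main__":
    print("Risk  Issues  File Path")
    for path, risk, issues in rank_files(SAMPLE_FILES):
        print(f"{risk:<5} {issues:<7} {path}")
```

The comment line in login.php is what makes the caveat concrete: without the prefix filter the regex would count it as a SQL injection hit, which is the kind of noise that drives the 12982-issue counts in the scan output below and why the rankings are a triage aid rather than a finding list.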

Static Code Analysis Features and Languages

Detection categories: SQL Injection, LFI/RFI, XSS, File Traversal, File Uploads, Hard-coded Secrets, Command Injection, Buffer Overflow

Languages: PHP, Python, Node.js, GO, ASP Classic, C#, JAVA, VisualBasic, Ruby, Perl, C/C++

Syntax help

python SourceCodeSniffer.py -h

Command Line Usage:
 python SourceCodeSniffer.py [options]

Options
-------
====================== ==============================================================
-c --configFiles        specify the config files (default=['Default.ini', 'ASP.ini', 'CSharp.ini', 'Java.ini', 'VBScript.ini', 'C.ini'])
                        config files should be comma separated
-p --pathToScan         specify the path to scan (default=.)
                        use the forward slash / for both *nix and windows paths
-i --ignoreFiles        specify files to not scan (default=('.html', 'robots.txt'))
                        ignored files and file types should be comma separated
-v --verbose            verbose mode
-h --htmlReport         generate an html report (experimental)
-d --debug              show debug output
-l --log                output to log file
====================== ==============================================================
Example:
 python SourceCodeSniffer.py -c ASP.ini,CSharp.ini,Default.ini,VBScript.ini -p c:/testpath/test/ -i .html,robots.txt

Commandline Output Example - C/C++ Scan

#python SourceCodeSniffer.py -c C.ini -p "C:\SRC"
Source Code Sniffer Version: 0.6 Updated: June 12, 2018 (-h for help)
Using configuration files: ['C.ini']
Recursively sniffing path for dangerous code: C:\SRC
[################################] 3/3 - 00:00:39
Files sorted by potential risk level:
Risk     File Path
0        C:\SRC\Small.c
2        C:\SRC\Gateway.c
2        C:\SRC\Library.c

Files sorted by number of potential issues:
Issues   File Path
0        C:\SRC\Small.c
2679     C:\SRC\Gateway.c
12982    C:\SRC\Library.c

Report Output File Example - C/C++ Scan

Coming soon...
